Security researchers are rushing to fix a flaw in the Secure Sockets Layer (SSL) protocol after it was exposed on a little-known mailing list. The flaw could allow man-in-the-middle attacks by anyone who can hack into a targeted network. Because the flaw is within the protocol itself, researchers say it will require  massive fixes  to browsers, servers, and peer-to-peer protocols. Mobile phone security company PhoneFactor discovered the bug in August and was working on a fix with the Industry Consortium for Advancement of Security on the Internet (ICASI). (Computerworld)

A new tool has been developed to protect systems against rootkits by gathering targeted kernel functions in one area of memory, then locking it down. Hook Safe generates signatures for kernel activity and makes shadow copies of hooks, the replacement functions for kernel pointers. The tool's developers say it blocks most rootkits and makes others that get by visible to users. (Ars Technica)

A malware art project  posing as a Space Invaders-style game for Macs  eliminates a file from the hard drive for every alien users destroy in the game. The game, Lose/Lose,  is upfront about its purpose, displaying a warning in red letters at the start of play. Security companies have added the game to their blocked programs lists and say that it would be easy for other people to modify the game for malicious purposes. (Register)

PayPal  will release APIs  that let third-party developers  add the payment service to their own applications. The APIs  will include features to let customers make payments even if they don't have a PayPal account. The company also wants to make the service available on mobile phones. (PC World)

IBM is launching an education program to help university students collaborate  using cloud computing applications. IBM Cloud Academy, announced at the Educause conference in Denver, will include IBM's LotusLive service and let students join working groups and share research.  Roughly 20 institutions  throughout the world have signed on as  initial participants, including Carnegie Mellon University in Qatar, New York University, and Beijing University of Technology. (CNet)

Microsoft has issued an update  to an IE patch released in October, the third time it has had to fix  a patch from its largest-ever update. Monday’s  update corrected two issues  – an error that scrambled Web page elements and a “type mismatch” script error related to VBScript. In October, Microsoft corrected errors in a CryptoAPI patch to prevent spoofing and a patch-detection error in Windows Server Update Services. (Computerworld)

A cable modem hacker who published a guide in 2006 has been indicted on three federal charges in the US. Ryan Harris, who goes by DerEngel, was charged with abetting computer intrusion, wire fraud, and conspiracy. Harris leads a group called TCNiSO that sells modified cable modems with firmware that lets users control functionality, and his book Hacking the Cable Modem. offers instructions on unblocking network ports and uncapping. (Wired)

BitTorrent is developing an answer to ISP throttling – a peer-to-peer client that optimizes itself based on network traffic. uTorrent 2.0, currently in beta, monitors networks for congestion by measuring the time it takes packets to travel between peers, then adjusts speeds accordingly. According to BitTorrent, uploads are more likely to be affected because there is usually less bandwidth available for them. (Torrent Freak)

In its biannual Security Intelligence Report released Monday, Microsoft said worms have become a greater threat in 2009, with the number of infections doubling from the second half of 2008 through the first half of 2009. Worms rose from the fifth most common threat online to second, behind Trojans. A major factor for the spike was the Conficker worm, which caused a small panic leading up to April 1 – when security analysts said it could become a bigger threat  – but never did anything significant. The report also said that phishing rose in May and June compared to the previous 10 months, driven by a campaign on social networking sites. (Information Week)

A Trojan recently discovered by Symantec encrypts system files and makes them inaccessible, but doesn’t leave any messages asking for a decryption fee, a common tactic for similar Trojans. According to Symantec, the Trojan adds a .vicrypt extension to documents in Windows, then displays a warning to restart. A company in Mauritius sells a product called Antivicrypt to restore the files, but Symantec offers a free tool for decryption. (CNet)